This Week in Technology

Ursnif, Emotet, Dridex and BitPaymer Malware Families Team Up to Wreak Havoc

Given the impact of the Ursnif and Dridex banking Trojans, the ubiquity of Emotet loaders, and the ability of BitPaymer to infiltrate systems via remote desktop and email vectors, this malware interoperability provides evidence that malicious actors are developing their own versions of professional organizations to empower threat evolution.

“The [Golduck] domain was on a watchlist we established due to its use in distributing a specific strain of Android malware in the past,” said Michael Covington, Wandera’s vice-president of product. “When we started seeing communication between iOS devices and the known malware domain, we investigated further.”

In a statement released Friday, the hotel chain said the "upper limit" for the number of potentially compromised guests is around 383 million, though it's likely that some of those records are duplicates. Regardless, the breach affected a lot of people who have stayed at Marriott hotels and exposed personal and financial information. As for passports, Marriott said approximately 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were accessed in the breach.

The campaign uses Internet Explorer and Flash Player exploits delivered by the Fallout exploit kit, and is distributed by what researchers at Malwarebytes describe as a 'prolific' malvertising campaign that targets high-traffic torrent and streaming sites and redirects users towards two malicious payloads.

Security professionals can protect mobile devices from pre-installed malware and other threats by using a unified endpoint management (UEM) solution to monitor how these devices report to the corporate IT environment. They should also use behavioral analysis to help defend mobile devices against zero-day threats.

Since 2016, the percentage of companies to have suffered a third-party data breach increased from 49 percent to 61 percent in 2018. Moreover, the percentage reporting a third-party data breach over a 12-month period increased from 34 percent to 45 percent in 2018.

Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website, such as Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate.

Microsoft is authorizing Citrix, which is a Microsoft Cloud Service Provider partner, to sell Windows Virtual Desktop (WVD) and to integrate WVD with Citrix Workspace, Citrix Virtual Apps and its Desktops service offerings (the products formerly known as XenDesktop and XenApp).

The Webex Teams integrations with Microsoft's document storage apps let users upload files from those platforms to the Cisco app. Users can preview, share or edit the files without leaving the Cisco interface.

A new malware dubbed ICEPick-3PM has been stealing device IP addresses en masse since at least spring 2018. The malware executes after its authors hijack a website's third-party tools, which are often pre-loaded onto client platforms by self-service agencies and are designed to incorporate interactive web content, such as animation via HTML5.

Cisco has disclosed fixes for a terrible bug affecting AsyncOS for Cisco email security appliances, which are prone to a "permanent" denial of service (DoS) because the software doesn't properly validate S/MIME-signed emails.

OXO International discloses data breach, customer data over two years impacted

While OXO says that "the attempt to compromise your payment information may have been ineffective," the business added that names, billing and shipping addresses, as well as credit card information, were involved in the data breach.

The combination of Citrix ADC and Citrix ADM provides the solution to deliver all your application delivery needs and more. Let’s take a look and see why Citrix ADC, working with Citrix Application and Delivery Management (ADM) in the hybrid multi-cloud world, is not just another virtual workload.